The Samba-Bugzilla – Bug 1666
One-way external ADS trusts show up as DISCONNECTED
Last modified: 2005-08-24 10:21:29 UTC
I have the following situation:
[Samba Server ] (Member of Eng-ADS.Test1)
This is an external trust, and both sides of the trust are established (incoming
and outgoing). However, it's a one way trust, in that Eng-ADS.Test1 trusts
TS-ADS.Test2, but TS-ADS.Test2 does not trust Eng-ADS.Test1. In this case,
winbindd shows the following when I run wbinfo --sequence:
sh-2.04# wbinfo --sequence
ENG-ADS : 145596
TS-ADS : DISCONNECTED
From the log.winbindd at debug level 10 perspective, I get the following:
krb5_get_credentials failed for ts-adsdc$@TS-ADS.TEST2 (Server not found in
failed kerberos session setup with NT_STATUS_OK
I think I talked to Andrew B. at one point about this, and he said that there
was no way this could work, but it's been a while. Windows in this case works
fine, ideally we should be able to work with a one way external trust too.
This same situation works fine if the one way trusted domain in question is an
I've got reports that this is working much better in 3.0.11.
Please retest and reopen iof the issue is still present. Thanks.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.